running as another user?

Joshua ChaitinPollak jpollak at kivasystems.com
Fri Jan 20 17:52:09 UTC 2006 

On Jan 20, 2006, at 12:30 PM, Rob Landley wrote:

> On Thursday 19 January 2006 20:26, Paul Fox wrote:
>
>>> Or, to show that -c is pointless:
>>>   su root /bin/sh \-c "ls -l"
>>>
>>> Unfortunately, you need the - to prevent getopt from parsing -c  
>>> as an
>>> option to su.  (Maybe this is an ubuntu bug?)
>
> Obviously, that should have been "Unfortunately, you need the \ to..."
>
>> okay.  it turns out i don't understand su as well as i thought,
>> but i think i understand better now.  in a traditional version of
>> su (and i just checked a very old pre-SystemV AT&T manual) the -c
>> shouldn't ever be interpreted by su.  a correctly operating su
>> should pass all of its args to the shell.
>
> Why run a shell?  If you tell it an executable to run, why can't it  
> just exec
> the executable directly?  Your command line options are already  
> parsed, so
> theoretically all you have to do is execvp(argv[offset],argv+offset);
>
> Now if you don't specify a command, or if you start with an  
> unrecognized
> option (one other than -m, -p, or -s), then you need to stick a  
> shell in
> front of it.  (Both - and -c should be handled by your shell anyway.)
>
>> so this:
>>     su root ps ax
>> becomes this (after the id switch):
>>     /bin/sh ps ax
>> which is where the "cannot execute binary file" comes from.
>
> Which busybox odes, but ubuntu doesn't.
>
>> to get around that error, you need to use:
>>     su root -c ps ax
>> which becomes:
>>     /bin/sh -c ps ax
>> note that the "-c" you added is an option to the shell, not to su.
>
> In the busybox version, -c requires quotes around "ps ax" or else  
> it will
> execute ps without ax.
>
>> but if i look at "man su" on ubuntu (which matches behavior with
>> what's in debian etch, though i don't have a man page there), i
>> see this text:
>>     Any arguments supplied after the username will be
>>     concatenated in a single command and passed to the invoked
>>     shell with the -c option of that shell.  If you want to
>>     provide separated arguments to the shell, you can supply exec
>>     <shell> <arguments> as the command.
>>
>> so in these newer su commands, su adds the "-c" for you.  and,
>> from experiment, it looks like it only passes one -c option, not
>> two, as you might expect from the man page.
>
> In low memory environments the ability to exec binaries without  
> going through
> a shell might actually be the behavior we want.  I'll have to think  
> about it.

Seems reasonable. Here's a question: How do environment variables fit  
into this with respect to launching a shell or not? For example, I'm  
currently doing:

su user -c "LD_LIBRARY_PATH=/my/libs /my/binary -myopts" > /tmp/ 
logfile &

Now, I know I could put the redirect into the quoted string and  
redirect as user rather than redirect as root, but I don't really  
care. I'd love to not spawn another shell though, but I'd still need  
to set the environment variable. Will this work?

LD_LIBRARY_PATH=/my/libs su user /my/binary -myopts > /tmp/logfile &

Does bb's su pass the environment into the executing application?

-- 
Joshua ChaitinPollak
Software Engineer
Kiva Systems

More information about the busybox mailing list